Self-hosted runners
When you create a GitHub Actions workflow, you can specify whether to run the job on GitHub-hosted runners or Self-hosted runners. GitHub-hosted runners are great for the vast majority of projects when it doesn’t matter where the job runs. However, for some projects there may be a requirement to communicate with on-premises resources or for the job to run in a particular region (GitHub-hosted runners are primarily located in the United States). This is where self-hosted runners can help.
Within the Imperial College London (github.com) organisation, the ability to create self-hosted runners at the repository scope is disabled by default. This is to improve security across GitHub and prevent unauthorised code running on Imperial’s network. More information on this can be found at Hardening for self-hosted runners.
If you’d like to use self-hosted runners for your project, you have two options. You can either use the Imperial managed self-hosted runners or create your own user managed self-hosted runners.
Imperial managed self-hosted runners
Imperial’s self-hosted runners are deployed in the UK South region in Azure and have network connectivity to on-premises resources. Each runner is ephemeral and will be destroyed after the job has ran. This provides a clean runtime environment for each build and improves security as no files are left on the runner. They’re managed centrally by ICT and use the following runner images.
arc-ubuntu-22-04
This image is the default runner image provided by GitHub. It’s a minimal runner image and contains the least number of packages necessary for the container runtime and runner binaries. It’s fast to start-up but if you want to use additional tools (Java, NodeJS, Azure CLI etc.), you’ll need to install them yourself. You can view the Dockerfile for the image in the actions/runner repository.
arc-ubuntu-22-04-custom
This image uses the default runner image provided by GitHub and installs additional tools on top. This image is slightly slower to start-up but includes core tools pre-installed. The tools currently installed are:
- wget
- jq
- python3
- python3-pip
- python3-venv
- Azure CLI
- Helm
- PowerShell for Linux
- NodeJS
- NPM
Request access to Imperial managed self-hosted runners
Imperial managed self-hosted runners are available for authorised staff projects. If you’d like to use the Imperial managed self-hosted runners, please contact the ICT Service Desk and include the name of the repository and why you need to use self-hosted runners.
Once approved, the self-hosted runners will be added to your repository and you’ll be able to use them by adding the arc-ubuntu-22-04
or arc-ubuntu-22-04-custom
labels to the runs-on
property in your GitHub Actions workflow. The Imperial managed self-hosted runners are supported by ICT so if you experience any issues, you can contact the ICT Service Desk for assistance.
User managed self-hosted runners
User managed self-hosted runners are deployed and managed by the maintainers of the repository. They are not supported by ICT and should only be used if you’re unable to use the GitHub-hosted runners or Imperial managed self-hosted runners. You’re responsible for ensuring the underlying hardware/software is kept up-to-date.
Request access to user managed self-hosted runners
User managed self-hosted runners are only available for authorised staff projects. By default, the option to create your own self-hosted runner is disabled. If you’d like to create your own self-hosted runner, please contact the ICT Service Desk to request an exception rule for your repository.
Once the exception rule is in place, you’ll be able to create self-hosted runners within the repository settings. More details on how to do this can be found at Adding self-hosted runners.